Russia publicly joins war on Tor privacy with $111,000 bounty

Interior Ministry wants way to crack down on anonymous bloggers, other criminals.

The Russian Ministry of Internal Affairs (MVD) has offered a 3.9 million ruble (approximately $111,000) contract for technology that can identify the users of Tor, the encrypted anonymizing network used by Internet users seeking to hide their activities from monitoring by law enforcement, government censors, and others.

In a notice on the Russian government’s procurement portal under the title “Perform research, code ‘TOR’ (Navy),” originally posted on July 11, the MVD announced it was seeking proposals for researchers to ”study the possibility of obtaining technical information about users and users equipment on the Tor anonymous network.” The competition, which is open only to Russian citizens and companies, requires entrants to pay a 195,000 ruble (approximately $5,555) application fee. Proposals are due by August 13, and a winner of the contract will be chosen by August 20.

The MVD had previously sought to ban the use of any anonymizing software. That proposal was dropped last year. However, a new “blogger law” passed in April, which goes into effect in August, requires all bloggers with an audience of over 3,000 readers to register their identity with the government—and enforcement of the law could be made difficult if bloggers use the Tor network to retain their anonymity.

Earlier this week, researchers from Carnegie Mellon University abruptly cancelled a scheduled talk at the upcoming Black Hat security conference entitled “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget.” The session was apparently cancelled due to legal issues. On July 23, Exodus Intelligence reported in a blog entry that its researchers had found a vulnerability in a component of TAILS, an operating system designed to be booted from a CD or USB stick that uses Tor and other services to anonymize users and leave no trace of their activities on their PC. Developers with the Tor Project said that they are working to fix the weakness discovered by the Carnegie Mellon team.

Update: The MVD updated the listing earlier today to remove the public description of the project. It still is labelled as "шифр «ТОР (Флот)»" (which translates as "cipher 'TOR' (Navy)").

Whatever doesn't kill Tor will just make it stronger. Also, somebody needs to get Putin a fluffy white cat to complete his transformation into a full-on Bond villain.

Unless they manage to crack it, announce such and then keep the secrets of how to themselves. Depending on the difficulty of the process the actual vulnerabilities might never be discovered.

Which would effectively kill TOR. In fact, a lie saying that they've cracked it along with a few high-profile arrests (which were based on evidence not obtained from a TOR crack but which they've hidden the actual mechanism of obtaining that evidence) could be just as bad.

Whatever doesn't kill Tor will just make it stronger. Also, somebody needs to get Putin a fluffy white cat to complete his transformation into a full-on Bond villain.

He needs a Kim Jong *** suit and a fluffy white cat.

Seriously did Kim Jongs rip off James Bond villains, or the other way around?

Anyhow if anyone can crack TOR (besides NSA) it will be Russian hackers. Not sure if they'd be willing though because they are the ones committing crimes over TOR. They are probably raking in way more than $110K by stealing western credit card numbers....

Whatever doesn't kill Tor will just make it stronger. Also, somebody needs to get Putin a fluffy white cat to complete his transformation into a full-on Bond villain.

He needs a Kim Jong *** suit and a fluffy white cat.

Seriously did Kim Jongs rip off James Bond villains, or the other way around?

Anyhow if anyone can crack TOR (besides NSA) it will be Russian hackers. Not sure if they'd be willing though because they are the ones committing crimes over TOR. They are probably raking in way more than $110K by stealing western credit card numbers....

It's always comforting when you know the basguys, ie., USA and Russia, in one way or the other, advertise that TOR works.

Or they have broken TOR and they just keep making it seem like they haven't so they can continue to monitor TOR networks without anyone the wiser. If a government agency has broken TOR the worst thing they could do is let people know they have broken it since then all of the knowledge they could have gained would dry up.

It's always comforting when you know the basguys, ie., USA and Russia, in one way or the other, advertise that TOR works.

Or they have broken TOR and they just keep making it seem like they haven't so they can continue to monitor TOR networks without anyone the wiser. If a government agency has broken TOR the worst thing they could do is let people know they have broken it since then all of the knowledge they could have gained would dry up.

The problem with that reasoning is that we know for certain that they can see what you are doing, if you aren't on tor. If you use tor, there is the increased probability that it is private. It should, at best, be seen as one additional brick in the wall that will give you privacy, but other methods, such as encryption shouldn't be forsaken because you happen to use tor. The harder is it for automatic collection and interpretation of data to take place the better it is for any citizen who is concerned about their privacy. The more manpower it takes to collect a piece of data, the more focused they will be when it comes to targeting someone, because you make it a waste of their time and resources to collect and analyze your data.

And that's the difference between this and the NSA. The Russian initiatives are clearly political in nature, designed to suppress dissent. The NSA's violations at least are not aimed at stamping out political enemies or censoring people. They're both wrong. But one is a hell of a lot more wrong and scary than the other.

It's always comforting when you know the basguys, ie., USA and Russia, in one way or the other, advertise that TOR works.

Or they have broken TOR and they just keep making it seem like they haven't so they can continue to monitor TOR networks without anyone the wiser. If a government agency has broken TOR the worst thing they could do is let people know they have broken it since then all of the knowledge they could have gained would dry up.

Absolutely. But I don't think they'd have the foresight to include that in the documents Snowden released.

And that's the difference between this and the NSA. The Russian initiatives are clearly political in nature, designed to suppress dissent. The NSA's violations at least are not aimed at stamping out political enemies or censoring people. They're both wrong. But one is a hell of a lot more wrong and scary than the other.

Yes, but to be fair, I believe that th Russian government isn't making a "for your own safety" excuse for it like the US government is.

And that's the difference between this and the NSA. The Russian initiatives are clearly political in nature, designed to suppress dissent. The NSA's violations at least are not aimed at stamping out political enemies or censoring people. They're both wrong. But one is a hell of a lot more wrong and scary than the other.

Yes, but to be fair, I believe that th Russian government isn't making a "for your own safety" excuse for it like the US government is.

His point was that US v Russia intentions are apples and oranges. Your argument implies the opposite, and is not "fair" as you put it.

And that's the difference between this and the NSA. The Russian initiatives are clearly political in nature, designed to suppress dissent. The NSA's violations at least are not aimed at stamping out political enemies or censoring people. They're both wrong. But one is a hell of a lot more wrong and scary than the other.

And that's the difference between this and the NSA. The Russian initiatives are clearly political in nature, designed to suppress dissent. The NSA's violations at least are not aimed at stamping out political enemies or censoring people. They're both wrong. But one is a hell of a lot more wrong and scary than the other.

Sure you want to go as far as you said in the third to last sentence there? I'm not at ALL sure that it is NOT aimed as stamping out political enemies.

And that's the difference between this and the NSA. The Russian initiatives are clearly political in nature, designed to suppress dissent. The NSA's violations at least are not aimed at stamping out political enemies or censoring people. They're both wrong. But one is a hell of a lot more wrong and scary than the other.

Yes, but to be fair, I believe that th Russian government isn't making a "for your own safety" excuse for it like the US government is.

Yes, both are "for your own safety". But what does each side consider to be a threat to safety?

Has the NSA arrested any of the administration's opponents? Have they been shuttering opposition media or forcing out editors? Fox News is still on the air, last I checked.

Whereas in Russia, protest leaders have been jailed. Media outlets shuttered or had their management replaced. Websites shut down. None of that has happened in the US.

It's always comforting when you know the basguys, ie., USA and Russia, in one way or the other, advertise that TOR works.

Or they have broken TOR and they just keep making it seem like they haven't so they can continue to monitor TOR networks without anyone the wiser. If a government agency has broken TOR the worst thing they could do is let people know they have broken it since then all of the knowledge they could have gained would dry up.

The problem with that reasoning is that we know for certain that they can see what you are doing, if you aren't on tor. If you use tor, there is the increased probability that it is private. It should, at best, be seen as one additional brick in the wall that will give you privacy, but other methods, such as encryption shouldn't be forsaken because you happen to use it. The harder is it for automatic collection of data to take place the better it is for any citizen who is concerned about their privacy. The more manpower it takes to collect a piece of data, the more focused they will be when it comes to targeting someone, because you make it a waste of their time and resources to collect and analyze your data.

And with that post you appear to have missed my point completely. My post was to point out that articles like this from Russia or the NSA could be them just pretending that TOR hasn't been broken so people keep using it thinking that it is secure when in fact it isn't.

Just like when enigma was broken the Allies didn't run out and tell the Germans, "hey we broke your shit, pwned!!!!". No instead they sat back and pretended not to have broken enigma encryption all the while they soaked up as much knowledge as they could.

My post is no way saying people should only use TOR without further security measure or shouldn't use TOR, or whatever waste of text that you ranted on about. It was just about if they had broken TOR they wouldn't be advertising that they had. They instead would just keep on going acting as if they hadn't.

It's always comforting when you know the basguys, ie., USA and Russia, in one way or the other, advertise that TOR works.

Or they have broken TOR and they just keep making it seem like they haven't so they can continue to monitor TOR networks without anyone the wiser. If a government agency has broken TOR the worst thing they could do is let people know they have broken it since then all of the knowledge they could have gained would dry up.

The problem with that reasoning is that we know for certain that they can see what you are doing, if you aren't on tor. If you use tor, there is the increased probability that it is private. It should, at best, be seen as one additional brick in the wall that will give you privacy, but other methods, such as encryption shouldn't be forsaken because you happen to use it. The harder is it for automatic collection of data to take place the better it is for any citizen who is concerned about their privacy. The more manpower it takes to collect a piece of data, the more focused they will be when it comes to targeting someone, because you make it a waste of their time and resources to collect and analyze your data.

And with that post you appear to have missed my point completely. My post was to point out that articles like this from Russia or the NSA could be them just pretending that TOR hasn't been broken so people keep using it thinking that it is secure when in fact it isn't.

Just like when enigma was broken the Allies didn't run out and tell the Germans, "hey we broke your shit, pwned!!!!". No instead they sat back and pretended not to have broken enigma encryption all the while they soaked up as much knowledge as they could.

My post is no way saying people should only use TOR without further security measure or shouldn't use TOR, or whatever waste of text that you ranted on about. It was just about if they had broken TOR they wouldn't be advertising that they had. They instead would just keep on going acting as if they hadn't.

The difference is that was a time of war and they kept the fact that enigma was broken VERY compartmentalized.Today? With all the people who would be involved in hacking TOR? If they truly broke it, we would hear about it.

And that's the difference between this and the NSA. The Russian initiatives are clearly political in nature, designed to suppress dissent. The NSA's violations at least are not aimed at stamping out political enemies or censoring people. They're both wrong. But one is a hell of a lot more wrong and scary than the other.

Yes, but to be fair, I believe that th Russian government isn't making a "for your own safety" excuse for it like the US government is.

The Russian government also isn't trying to get rid of a constitution that states the rights of it's people, and makes such programs illegal. It's like that story of the frog in boiling water. Right now, the American government is slowing turning up the heat, to get that water we are in boiling. They have to do it slowly, or risk repercussions. The Russian Government is doing the same thing, but they have been doing it longer with less restrictions and are able to restrain their frog, so it can't leave the pot; they can turn the temperature up faster. Look to see what Russia is doing, and you will know what the traitors like Clapper, Alexander and Hayden have envisioned for the US people.

Hence the American govt has to convince you to stay in the pot, for your own safety. It's dangerous to not be in the pot, trust us.

Sean Gallagher / Sean is Ars Technica's IT Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.